- From: cynthia <notifications@github.com>
- Date: Mon, 07 Jun 2021 02:29:38 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 7 June 2021 09:30:27 UTC
I haven't had enough time to dive deep into the spec, but here are some questions after giving it a quick first-pass. 1. Lots of strings in the API is USVString - feels like DOMString would be more appropriate, is there something I'm missing? 2. Given the power of the API, would it make sense to consider gating this behind a permission? I believe the counter argument is - why should this be behind a permission when WebGL is not, and I think WebGL was an unfortunate choice given how it is being abused to fingerprint users. 3. Should the cache be origin-gated? If the compilation is incredibly fast this shouldn't be an issue, but with slow enough compilation times timing-based fingerprinting feels like it would be possible. 4. Is there a story for mitigating denial-of-service by exhausting VRAM? (Technically, I guess it won't be a denial of service, but more of a "new tabs paint crazy slow" from an end-user perspective.) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/626#issuecomment-855769260
Received on Monday, 7 June 2021 09:30:27 UTC